Managing accounts in Detective
When an account enables Detective, it becomes the administrator account for the behavior graph, and it chooses the member accounts for the behavior graph. An administrator account can invite accounts to join a behavior graph. When an invited account accepts the invitation, Detective enables that account as a member account. Member accounts that are added by invitation can remove themselves from the behavior graph.
When an account is enabled as a member account, Detective begins to ingest and extract the member account's data into that behavior graph.
Each behavior graph contains data from one or more accounts. A behavior graph can have up to 1,200 member accounts.
If you are integrated with AWS Organizations, then the organization management account designates the Detective administrator account for the organization. That Detective administrator account then becomes the administrator account for the organization behavior graph. The Detective administrator account can enable any organization account as a member account in the organization behavior graph. Organization accounts cannot remove themselves from the organization behavior graph.
Detective charges each account for the data that it contributes to each behavior graph. For information on tracking the volume of data for each account in a behavior graph, see Forecasting and monitoring Amazon Detective costs.
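The membership rules above can be checked against a behavior graph's member list. The following is an added example, not code from the Detective documentation or the Detective Python scripts: it audits records shaped like the MemberDetails entries of the ListMembers API and reports which accounts are ingesting, which enabled members joined by invitation and can therefore remove themselves, and how much of the 1,200-member limit remains. The function name, the expected-accounts inventory, and the sample account IDs are assumptions made for illustration.

```python
from collections import Counter

MAX_MEMBERS = 1200  # per-graph member limit stated on this page

# Constructed sample shaped like ListMembers MemberDetails entries.
# Account IDs are made up; only the fields the audit reads are included.
SAMPLE_MEMBERS = [
    {"AccountId": "111111111111", "Status": "ENABLED",
     "InvitationType": "ORGANIZATION"},
    {"AccountId": "222222222222", "Status": "ENABLED",
     "InvitationType": "INVITATION"},
    {"AccountId": "333333333333", "Status": "INVITED",
     "InvitationType": "INVITATION"},
    {"AccountId": "444444444444", "Status": "ACCEPTED_BUT_DISABLED",
     "InvitationType": "INVITATION"},
]


def audit_members(members, expected_accounts=()):
    """Summarise behavior graph membership from ListMembers-style records.

    expected_accounts is a hypothetical inventory of account IDs that the
    security team wants covered by the graph.
    """
    by_id = {m["AccountId"]: m for m in members}
    # Only ENABLED members contribute data to the behavior graph.
    enabled = sorted(a for a, m in by_id.items() if m["Status"] == "ENABLED")
    return {
        "status_counts": dict(Counter(m["Status"] for m in members)),
        "ingesting": enabled,
        "not_ingesting": sorted(set(by_id) - set(enabled)),
        # Invited members can leave on their own; organization members cannot.
        "can_self_remove": sorted(
            a for a in enabled if by_id[a]["InvitationType"] == "INVITATION"
        ),
        "missing": sorted(set(expected_accounts) - set(by_id)),
        # Assumption: every listed member counts toward the limit.
        "slots_left": MAX_MEMBERS - len(by_id),
    }


if __name__ == "__main__":
    for key, value in audit_members(SAMPLE_MEMBERS, ["555555555555"]).items():
        print(f"{key}: {value}")
```

Against a live graph, the records would come from paginating the Detective `list_members` call in boto3 for the graph's ARN.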
Contents
- Account restrictions and recommendations in Detective
- Using Organizations to manage behavior graph accounts
- Designating the Detective administrator for an organization
- Available actions for accounts
- Viewing the list of accounts
- Managing organization accounts as Detective member accounts
- Managing invited member accounts in Detective
- For member accounts: Managing behavior graph invitations and memberships
- Effect of account actions on behavior graphs
- Using Detective Python scripts to manage accounts